CVE-2023-52710

Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasnt been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
huaweiCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Common Weakness Enumeration
References
https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-hppvticfuoec-8ffde288-en
https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-hppvticfuoec-8ffde288-en